Cryptocurrency Mining Botnets Are Becoming An Epidemic

Cybercriminals are ingenious folk. Highly opportunistic, they’re continually on the lookout for new ways of wreaking havoc among systems or making a fast buck. And it’s the latter motive–personal profit–that seems to be fueling the latest flavor of the day. Cryptocurrency mining botnets are making cybercriminals easy money without most of us even knowing.

When it comes to quick payouts, Ransomware (by which a hacker holds a victim’s computer hostage until payment is sent) is often the method of choice. It’s so popular in fact that damages are predicted to reach $11.5 billion by 2019, with a Ransomware attack happening every 14 seconds, according to Cybersecurity Ventures.

However, just like magpies drawn to a shiny piece of silver, cybercriminals are flocking to a new way of amassing their personal fortunes. Cryptocurrency mining botnets. It’s simple, painless, and arguably relatively harmless when compared to other types of attacks. In fact, victims of cryptocurrency mining botnets probably won’t even know they’re infected.

Matt Downing, Principal Analyst at cybersecurity provider Alert Logic, remarks, “The coin mining phenomena is really in your face, it’s not subtle. It’s probably more than 80 percent of the attacks we see. I would say it’s something of an epidemic.”

Alert Logic analyzed 500,000 attacks targeting Oracle WebLogic (CVE-2017-10271). Over the first two months, they saw coin miner payloads approximately 80 percent of the time. The very first attack they saw (and the first publicly disclosed attacks) attempted to install coin miners.

Yikes. That raises an important question…

What Are Cryptocurrency Mining Botnets?

Mining cryptocurrency requires a vast amount of computational power, specialist equipment, or a gigantic mathematical brain. Sometimes a combination of these things. And if you don’t have access to extremely inexpensive power, mining cryptocurrency simply isn’t cost-effective.

Unless you program cryptocurrency mining botnets to do the job for you.

Think of them as a programmable army that does the heavy lifting for the malicious miner. And here’s the clever part. Instead of going after just one computer with limited processing power, mining botnets infect a bunch of devices at once, including computers, smartphones, and servers.

“Monero is hands down the most popular cryptocurrency for these types of activities,” Downing states. This is perhaps due to its liquidity and the fact that it’s significantly easier to mine than Bitcoin or Ethereum.

In fact, you may remember the Smominru mining botnet that hijacked over half a million computers and forced them to mine more than $3 million of Monero. All while their owners were blissfully unaware.

There’s almost a beauty in the simplicity of cryptocurrency mining botnets and an egalitarianism to it. Victims are infected with malware which uses the CPU power of their device to mine cryptocurrency almost completely indiscriminately.

Some devices mine better than others, but since they can all do it, they are all equal targets. And the victims’ location is incidental, opening up the pool of targets for unscrupulous miners.

And the profits? They get directed to the wallet of the hacker.

But unlike Ransomware, the victim won’t be asked for money. They’ll simply be lending their computational power. They may not even see a red flag until a huge electricity bill arrives at the end of the month. Or they start wondering why their laptop fan is working on overdrive.

Sustainable Profits

Using cryptocurrency mining botnets or “cryptojacking” doesn’t require any interaction between the perpetrator and the victim. And rather than a hit-and-run, high-profit attack, they provide a sustainable way of making money slowly–so long as the botnets go undetected.

It’s a low risk, long-term way of accumulating money. The payout isn’t high or immediate, but like the Monero attacks, patient players in the space can make millions of dollars over time if they’re sensible about it.

Ramp up the victim’s CPU to 100 percent and they risk damaging the device irreversibly. That would be no use to the miner and a huge red flag to the victim. But throttle the miner so it uses just enough CPU to keep mining around the clock without being noticed, and you’ve got sustainable profits.

A Wake-Up Call For Businesses

Infecting machines is easy. The botnets can enter a computer through phishing campaigns, a compromised website, or even a software download. And they can go undetected, as long as the CPU usage isn’t alarmingly high.
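The same throttling that keeps a miner under the radar is what a defender can look for: a miner tuned to avoid alarms still runs steadily for hours, whereas legitimate heavy jobs come in bursts and then stop. The following is an added example, not code from the article or from Alert Logic, showing a simple heuristic over per-process CPU samples that flags sustained moderate consumers rather than short spikes. The process names, readings and thresholds are constructed for illustration; in practice the readings would come from the host's process accounting (for example `ps`, `top` or a library such as psutil) and the thresholds would be tuned to the host's normal workload.

```python
"""Flag processes whose CPU usage stays elevated for most of an observation window.

A coin miner throttled to 30-50% CPU never trips a "100% utilization" alarm,
but it also never stops. Legitimate work (builds, backups, batch jobs) tends to
spike and then return to idle, so *how long* usage stays up is the better signal.
"""
from statistics import mean

# Constructed sample data (not real telemetry): one CPU-percent reading per
# minute over 60 minutes, for three hypothetical processes on one host.
CONSTRUCTED_SAMPLES = {
    # A compile job: idle, an 8-minute burst near 100%, then idle again.
    "cc1plus": [2.0] * 20 + [98.0] * 8 + [1.0] * 32,
    # A hypothetical throttled miner: steady ~40% for the whole hour,
    # never "alarmingly high" but never idle either.
    "updater-helper": [38.0 + (i % 5) for i in range(60)],
    # A normal service: low, jittery usage.
    "nginx": [3.0 + (i % 3) for i in range(60)],
}


def sustained_cpu_offenders(samples, threshold=25.0, min_fraction=0.9, min_samples=30):
    """Return (process, mean_cpu, fraction_above_threshold) for suspicious processes.

    A process is reported when it has at least `min_samples` readings and at
    least `min_fraction` of them are at or above `threshold` percent CPU.
    Short bursts, however intense, fall below `min_fraction` and are ignored;
    a steady moderate load is reported even though it never reaches 100%.
    """
    offenders = []
    for name, readings in samples.items():
        if len(readings) < min_samples:
            # Too little history to distinguish a burst from a steady load.
            continue
        above = sum(1 for cpu in readings if cpu >= threshold)
        fraction = above / len(readings)
        if fraction >= min_fraction:
            offenders.append((name, round(mean(readings), 1), round(fraction, 2)))
    # Highest average consumer first, so the most likely miner is listed first.
    return sorted(offenders, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for name, avg_cpu, fraction in sustained_cpu_offenders(CONSTRUCTED_SAMPLES):
        print(f"{name}: mean {avg_cpu}% CPU, above threshold in {fraction:.0%} of samples")
```

Run against the constructed data, only the steady 40% process is reported; the compile job's burst at 98% is ignored because it covers only 8 of 60 samples. Raising `threshold` to 90% reports nothing at all, which is exactly the blind spot a "flag anything at 100%" rule has against a throttled miner.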

Says Downing, “The immediate impact on businesses is that instead of your servers doing whatever you want them to do, they’re running at 100 percent utilization, mining Monero for somebody.”

However, unlike a malicious virus or data theft, businesses might think of these attacks as a wake-up call. The CPU that the miners consume is less of a problem than the fact that they got in at all.

“The number one thing to keep in mind is that when someone installs a coin miner, they were able to install a coin miner, so there’s some kind of flaw in the system. In that sense, it’s a bit of a canary in the coal mine. There is some critical vulnerability, it could just have easily been something else,” Downing warns.

“It’s important to note that the sole intention of these botnets is coin mining. There doesn’t appear to be secondary objectives.” Since the mining botnets pale into insignificance compared to other viruses out there, the seriousness of these attacks is up for debate.

It certainly isn’t as nasty as going and encrypting life-saving devices in a hospital. But it’s still causing a problem.

How to Prevent Botnet Miners

In most cases, correct patch management and the right cyber hygiene can prevent companies and individuals from being infected. “Simple patch management would stop 90 percent of all these attacks and a lot of the time we’re lucky. Destructive malware or data theft would be way more terrible and would use the same vector. If you don’t patch you probably are running coin miners and you may not even know it,” warns Downing.

If you’re worried about your personal computer becoming a target, you can also install antivirus software or an ad blocker, or use a browser extension such as NoCoin or minerBlock for Chrome.

Even if your system does get infected, the coding behind the cryptocurrency mining botnets is fairly basic and should be simple for most system administrators to remove.

So, for now, these mining botnets seem to be little more than a nuisance. However, the potential for much more severe attacks is certainly there. If they can hijack a smartphone or a computer, they could just as easily hijack cloud infrastructure, stealing capacity, forcing business disruption, and putting data and intellectual property at risk.